bridgehead/ccp/modules/datashield-setup.sh

#!/bin/bash -e

if [ "$ENABLE_DATASHIELD" == true ]; then
  # HACK: This only works because exporter-setup.sh and teiler-setup.sh are sourced after datashield-setup.sh
  if [ -z "${ENABLE_EXPORTER}" ] || [ "${ENABLE_EXPORTER}" != "true" ]; then
    log WARN "The ENABLE_EXPORTER variable is either not set or not set to 'true'."
  fi
  OAUTH2_CALLBACK=/oauth2/callback
  OAUTH2_PROXY_SECRET="$(echo \"This is a salt string to generate one consistent encryption key for the oauth2_proxy. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 32)"
  add_private_oidc_redirect_url "${OAUTH2_CALLBACK}"

  log INFO "DataSHIELD setup detected -- will start DataSHIELD services."
  OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"
  EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"
  TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"
  OPAL_DB_PASSWORD="$(echo \"Opal DB\" | generate_simple_password)"
  OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"
  RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"
  DATASHIELD_CONNECT_SECRET="$(echo \"DataShield Connect\" | generate_simple_password)"
  TOKEN_MANAGER_SECRET="$(echo \"Token Manager\" | generate_simple_password)"
  if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then
    mkdir -p /tmp/bridgehead/
    openssl req -x509 -newkey rsa:4096 -nodes -keyout /tmp/bridgehead/opal-key.pem -out /tmp/bridgehead/opal-cert.pem -days 3650 -subj "/CN=opal/C=DE"
  fi
  mkdir -p /tmp/bridgehead/opal-map
  sites="$(cat ./$PROJECT/modules/datashield-sites.json)"
  echo "$sites" | docker_jq -n --args '{"sites": input | map({
    "name": .,
    "id": .,
    "virtualhost": "\(.):443",
    "beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"
  })}' $sites >/tmp/bridgehead/opal-map/central.json
  echo "$sites" | docker_jq -n --args '[{
    "external": "'"$SITE_ID"':443",
    "internal": "opal:8443",
    "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
  }]' >/tmp/bridgehead/opal-map/local.json
  if [ "$USER" == "root" ]; then
    chown -R bridgehead:docker /tmp/bridgehead
    chmod g+wr /tmp/bridgehead/opal-map/*
    chmod g+r /tmp/bridgehead/opal-key.pem
  fi
  add_private_oidc_redirect_url "/opal/*"
fi
#!/bin/bash -e 2023-09-04 16:43:40 +02:00			`#!/bin/bash -e`
Add DataSHIELD 2023-04-12 09:46:35 +02:00
Generate passwords only if modules are enabled 2023-07-19 13:45:14 +02:00			`if [ "$ENABLE_DATASHIELD" == true ]; then`
refactor: Move vars to their setup files 2024-03-11 11:34:05 +01:00			`# HACK: This only works because exporter-setup.sh and teiler-setup.sh are sourced after datashield-setup.sh`
Add warning if ENABLE_EXPORTER is not set or set to true 2024-03-18 12:18:19 +01:00			`if [ -z "${ENABLE_EXPORTER}" ] \|\| [ "${ENABLE_EXPORTER}" != "true" ]; then`
Fix spelling of log WARN 2024-03-19 09:47:57 +01:00			`log WARN "The ENABLE_EXPORTER variable is either not set or not set to 'true'."`
Add warning if ENABLE_EXPORTER is not set or set to true 2024-03-18 12:18:19 +01:00			`fi`
refactor: Move oauth2 proxy related things to datashield setup 2024-03-14 12:50:08 +01:00			`OAUTH2_CALLBACK=/oauth2/callback`
Replace \| openssl rsautl -sign with \| sha1sum \| openssl pkeyutl -sign 2024-03-18 12:44:34 +01:00			`OAUTH2_PROXY_SECRET="$(echo \"This is a salt string to generate one consistent encryption key for the oauth2_proxy. It is not required to be secret.\" \| sha1sum \| openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem \| base64 \| head -c 32)"`
refactor: Move oauth2 proxy related things to datashield setup 2024-03-14 12:50:08 +01:00			`add_private_oidc_redirect_url "${OAUTH2_CALLBACK}"`

Add DataSHIELD 2023-04-12 09:46:35 +02:00			`log INFO "DataSHIELD setup detected -- will start DataSHIELD services."`
			`OVERRIDE+=" -f ./$PROJECT/modules/datashield-compose.yml"`
fix: Use strong pw for opal 2023-12-22 11:54:13 +01:00			`EXPORTER_OPAL_PASSWORD="$(generate_password \"exporter in Opal\")"`
			`TOKEN_MANAGER_OPAL_PASSWORD="$(generate_password \"Token Manager in Opal\")"`
fix: Generate stable passwords 2023-12-22 11:41:07 +01:00			`OPAL_DB_PASSWORD="$(echo \"Opal DB\" \| generate_simple_password)"`
Add generate_password function 2023-11-23 15:54:44 +01:00			`OPAL_ADMIN_PASSWORD="$(generate_password \"admin password for Opal\")"`
Add R-Studio Admin Password 2023-11-23 17:28:39 +01:00			`RSTUDIO_ADMIN_PASSWORD="$(generate_password \"admin password for R-Studio\")"`
fix: Generate stable passwords 2023-12-22 11:41:07 +01:00			`DATASHIELD_CONNECT_SECRET="$(echo \"DataShield Connect\" \| generate_simple_password)"`
			`TOKEN_MANAGER_SECRET="$(echo \"Token Manager\" \| generate_simple_password)"`
Autogenerate maps for Opal's beam-connect. To be completed by @Threated with a map-generator in the script. 2023-09-15 10:12:16 +02:00			`if [ ! -e /tmp/bridgehead/opal-cert.pem ]; then`
			`mkdir -p /tmp/bridgehead/`
fix: opal ssl cert 2023-12-13 15:07:11 +01:00			`openssl req -x509 -newkey rsa:4096 -nodes -keyout /tmp/bridgehead/opal-key.pem -out /tmp/bridgehead/opal-cert.pem -days 3650 -subj "/CN=opal/C=DE"`
Generate passwords only if modules are enabled 2023-07-19 13:45:14 +02:00			`fi`
Auto generate mappings 2023-09-15 11:45:28 +02:00			`mkdir -p /tmp/bridgehead/opal-map`
chore: Remame datashield mappings to datashield sites 2024-02-19 09:26:53 +01:00			`sites="$(cat ./$PROJECT/modules/datashield-sites.json)"`
refactor: Use jq from docker 2024-01-31 10:21:19 +01:00			`echo "$sites" \| docker_jq -n --args '{"sites": input \| map({`
fix: generate the right beam connect mappings 2023-12-13 12:01:25 +01:00			`"name": .,`
			`"id": .,`
fix: beam connect site renaming 2023-12-13 14:17:16 +01:00			`"virtualhost": "\(.):443",`
fix: generate the right beam connect mappings 2023-12-13 12:01:25 +01:00			`"beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"`
Add warning if ENABLE_EXPORTER is not set or set to true 2024-03-18 12:18:19 +01:00			`})}' $sites >/tmp/bridgehead/opal-map/central.json`
refactor: Use jq from docker 2024-01-31 10:21:19 +01:00			`echo "$sites" \| docker_jq -n --args '[{`
fix: beam connect site renaming 2023-12-13 14:17:16 +01:00			`"external": "'"$SITE_ID"':443",`
fix: opal ssl cert 2023-12-13 15:07:11 +01:00			`"internal": "opal:8443",`
fix: generate the right beam connect mappings 2023-12-13 12:01:25 +01:00			`"allowed": input \| map("datashield-connect.\(.).'"$BROKER_ID"'")`
Add warning if ENABLE_EXPORTER is not set or set to true 2024-03-18 12:18:19 +01:00			`}]' >/tmp/bridgehead/opal-map/local.json`
fix: Correctly set file permissions 2024-01-31 15:23:14 +01:00			`if [ "$USER" == "root" ]; then`
			`chown -R bridgehead:docker /tmp/bridgehead`
			`chmod g+wr /tmp/bridgehead/opal-map/*`
			`chmod g+r /tmp/bridgehead/opal-key.pem`
			`fi`
Better redirect url handeling 2023-11-30 14:46:08 +01:00			`add_private_oidc_redirect_url "/opal/*"`
Add opal certificate 2023-05-16 16:40:22 +02:00			`fi`